Method for selling, protecting, and redistributing digital goods

ABSTRACT

This is a method for limiting access to selected features of a freely distributed multimedia file, by disabling selected features of the file (using encryption, compression, or other access denial), distributing the file with some enabled features as an inducement to new users, and offering to enable more features when a new user attempts to use a disabled feature. A licensing system then receives a request from the user&#39;s system, identifying a specific operating context and one or more features desired by the corresponding user. Accounting is done and an authorization is sent to the user or the user&#39;s system to enable the features. However, the authorization is uniquely associated with the measured operating context of the user and the features remain enabled only for said operating context, thus limiting full operation to authorized users, while permitting new users access to limited operations.

[0001] This is a Continuation in Part based upon pending applicationU.S. Ser. No. 09/764,293, which was filed on Jan. 19, 2001, which was aContinuation of U.S. Ser. No. 08/631,411, filed on Apr. 12, 1996, nowissued as U.S. Pat No. 6,266,654, which was a Continuation in Part ofU.S. Ser. No. 07/990,445, filed on Dec. 15, 1992, now issued on Apr. 16,1996 as U.S. Pat. No. 5,509,070.

BACKGROUND-FIELD OF THE INVENTION

[0002] This invention relates to a method of encouraging distribution,registration, and purchase of freely copyable software and other digitalinformation. The invention applies to software as well as otherinformation which can be repeatedly copied with little loss of fidelity,and which is expressed via a hardware- or software- programmableapparatus, such as a computer or a digital audio tape player.

[0003] The Copyability of Software—problem and Opportunity.

[0004] Digitally encoded information (“software”) is one of the mosteconomically important commodities of the era. The ease and economy withwhich perfect copies can be made, copied and distributed has promotedthe spread of software and related technologies through “traditional”commercial channels (retail and mail order sales, etc.) and through“non-traditional” distribution channels: computer user groups,user-to-user copying and sharing (e.g., of software and of music andvideo tapes), digital data networks such as the internet, CompuServe,static media such as CD-ROM disks loaded with large quantities of data,public libraries, and broadcast media. These non-traditionaldistribution channels in particular have made it difficult for softwarecreators and copyright holders to regulate the use of their creations,or to receive payment and registration information from their users.Consequently, software producers forfeit substantial revenues andvaluable information about their customer base and potential markets,while businesses and universities find themselves subject to legalprosecution and intimidation for software piracy.

[0005] Two approaches to these problems are copy-deterrence, and copy-encouragement. Copy-deterrence is implemented through laws, licenseagreements and copy-protection technologies. Copy-encouragement ispracticed by “shareware” and small scale marketers who tolerate the lowregistration rates in order to reach the many potential users who can bereached at little cost through non-traditional distribution channels.Separately and in combination, however, these approaches have hadsignificant disadvantages.

[0006] Copy-deterrence.

[0007] Legal copy-deterrence techniques such as licensing agreements,and litigation against companies and universities whose membersknowingly or unknowingly engage in piracy are inefficient, expensive,and often unsuccessful. They incidentally create large numbers of“software criminals” or “pirates” who routinely violate theseunenforceable, hard-to-understand, and often unreasonable contracts.

[0008] Hardware and software copy-deterrence technologies have also beendeveloped, but they often raise the price and complexity of the softwareproduct, and inspire the development, sale and use ofcounter—technologies intended to defeat these copy—protectiontechnologies. Copy-protection techniques often inconvenience Users whohave legitimate needs and good reasons for making copies, and Userprotests against such inconveniences have in fact caused many softwarevendors to abandon copy-protection schemes. Yet another disadvantage ofhardware-based copy-protection techniques, as well as those whichinvolve modification or customization of the executable program itselfis that they prevent software vendors from exploiting the remarkablenon-traditional distribution networks which have sprung up in thesoftware marketplace, and which have given rise to the alternativeapproach, copy-encouragement.

[0009] Copy-encouragement

[0010] Shareware programmers and vendors encourage their users to copy,share, and distribute software to others in hopes that an adequateproportion of recipients will voluntarily contact the vendors, registerthemselves, and pay for the software which they are using. Only a smallfraction of users actually oblige, but the non-traditional distributionchannels reach so many potential customers so cheaply, that theshareware strategy has been adopted by small-scale vendors who do nothave the resources for traditional manufacturing, advertising,packaging, and distribution methods.

[0011] In addition to the explicitly-shareware oriented softwarevendors, it has been observed that many purveyors of popular softwarepackages actually tolerate a large amount of illicit copying in thehopes that users will eventually purchase a copy or an upgrade. In anycase, it is obviously and crucially desirable to the vendors ofeasily-copyable software that users register and pay for software.

[0012] Users of freely copyable software are often encouraged toregister and pay for software by offering them additional benefitsincluding “enhanced” versions of the software. But this strategy isdeficient: withholding such benefits reduces the attractiveness of theproduct to potential users, and reduces the probability that users willrecommend or give the program to other paying customers. And once a userhas purchased one enhanced copy, he or she has even less incentive forregistering additional copies to be used on additional machines, and isnow able to pirate the more powerful program, thus undercuttingincentives for registration among future users who might receive copies.There is a need for a means of INSTANTLY rewarding Users who registerand pay for freely copyable software, without undercutting futureincentives for registering, copying, and distributing additional copies.

[0013] Another problem with the prior art is that the people whoactually create software (i.e., programmers) often do not have thefinancial resources, business experience, time or motivation requiredfor registering, billing, and collecting money from paying users. Thisis why they often license their programs to established publishers andsettle for a small percentage of the profits which arise from the saleof their creations. Programmers would benefit greatly if they could“program a business operation” into their software just as they can now“program a computational operation” into their software—i.e., by addinga few lines of code which activate other routines which will do theirbidding. The present invention provides a means of satisfying thisunrecognized need in the industry.

[0014] Objects of the Present Invention

[0015] One object of the present invention is to encourage users to payfor, and register the freely-copyable software they actually use.

[0016] Another object is to enable programmers to “program a businessoperation” by writing a few lines of code, and thus reduce theirfinancial and other dependence upon software publishers, distributors,and vendors.

[0017] Another object is to allow programmers to be confident that theirlicensed representatives (software distributors and vendors) are in factreporting and paying royalties on all product sales.

[0018] Another object is to encourage and allow users to evaluate andexploit useful software before deciding whether to purchase, and toprovide a convenient and rapid way for them to purchase access toadvanced features severally or individually, as they and the programmerchoose.

[0019] Another object is to incent users to distribute freely-copyablesoftware to other people who would benefit from, and possibly purchasethe software.

[0020] Another object is to create economic and pragmatic incentiveswhich deter piracy: the idea is that if higher registration rates couldbe attained, software prices could more accurately reflect their actualutility to the average user. This would reduce the incentives for piracyand associated technologies.

[0021] Another object is to increase the availability and profitabilityof freely copyable software and of the grassroots distribution channels.

[0022] Another object is to enable users to gain instant access toadvanced features of freely copyable software with minimal delay throughvirtually any form of communication technology with or without auxiliarytelecommunications equipment such as modem.

[0023] Another object is to eliminate the need for costly andinconvenient non-copy-able adjuncts to software programs (such asexpensively printed manuals and packaging, hardware locks) etc., whoseonly purpose is to deter illegal copying of software and whose effect isto inflate software prices.

[0024] Another object is to improve upon the technology embedded in theauthor's prior art (TAU) so that technology can be made available toother programmers as freely-copyable software tools.

[0025] Still further objects and advantages of the present inventionwill become apparent from a consideration of the ensuing description anddrawings.

SUMMARY DESCRIPTION OF THE INVENTION

[0026] Some of the above objects have been partially realized in acomputer program developed for different purposes by the present authorin 1989. This is probably the most relevant prior art, and the presentinvention is both an improvement and a new use of the author's earlierinvention, and of other related inventions, such as U.S. Pat. Nos.4,796,220 and 5,113,118.

[0027] My previously-developed program (“TAU” for the scientificanalysis of biological rhythms data) is not copy-protected, and copyingis encouraged. However certain “advanced features” of the program areinaccessible on a given machine until a unique, or nearly-uniquepassword is installed on that machine. These advanced features (such asthe ability to make publication-quality reports) are inessential foreducational and evaluation purposes (and so they do not discouragedistribution along the grassroots channel), but they are desirable forserious or professional use (and so they do encourage userregistration). The instant the password is installed, the “advancedfeatures” of the program are unlocked. The password, like the programitself, is freely-copyable (so backups can be made and restored freelyon the machine for which that password is appropriate). However, sincethe password is useless on other machines to which copies might betransferred, a new password must be purchased for each new machine onwhich the advanced features are desired. Thus the method encourages allusers to evaluate, copy, and distribute the software to other machinesand other potential users, while at the same time encouraging serioususers to register and pay for not-merely-evaluative use.

[0028] During two years of experimental monitoring, some deficiencies ofthis method were identified. While the method did ensure that thesoftware vendor would report and pay royalties to the author (who wasthe only party with the routine for generate appropriate passwords) theprocess by which the user obtained a password proved inconvenient forvendor, author, and customer. The protocol for obtaining passwords was:Program presents ID to User, User gives ID to Vendor (by phone, mail orfax), Vendor gives ID to Author (by phone), Author gives Password toVendor (by phone), the Vendor gives ID to User, User gives ID to program(via the keyboard), the program installs the ID. The present inventionpreserves the security advantages while simplifying and making moreflexible the process by which passwords are obtained. A seconddeficiency was that while the method allows selective locking ofparticular features in an otherwise functional program, it became clearthat we needed a method by which Users could selectively purchase onlythose advanced features which were required on a particular machine. Athird deficiency was that when users upgraded or repaired theircomputers over the course of the experimental period, we had to issuereplacement passwords at no charge, and had no convenient means ofverifying claims about computer modifications. During testing it becameclear that if such deficiencies could be addressed, and if the schemecould be disembedded from the particular biological rhythms program forwhich it had been developed, it could be of quite general utility. Thepresent invention addresses these deficiencies, generalizes the schemetested in the author's earlier creation, and disembeds it from thatexperimental context in such a way that it can be incorporated intoother programmer's and software producers creations.

OVERVIEW OF THE INVENTION

[0029] The invention as described is most easily understood as a set ofsoftware tools which computer programmers can incorporate into their ownprograms by adding a few lines of code. These programmer-written linesactivate the software tools which enable or perform some or all of thefunctions to be described. However, it should be understood that thescope of the present invention is not restricted to the distribution ofexecutable software such as computer programs per Se. For example, theinvention could just as easily apply to a freely-copyable audio tapewhich would play at full fidelity only on an audio processor which wasprogrammed to require a valid password. Thus, the protected software andthe programmer's program might be separate entities with the latterintegrated into firmware, the protected software and the programmer'sprogram might be integrated with each other as in the case of my programTAU, and so on.

[0030]FIG. 1 illustrates the physical entities, processes, and functionscomprise the present invention.

[0031] The User acquires freely-copyable software through the “LaissezFaire Distribution Channel” 10 which comprises all of the methodspreviously described as non-traditional distribution channels as well asother distribution methods which might be developed in order to exploitthe present invention. The “User's Processor” 15 is the device(typically a computer, or digital signal processing device) whichprocesses “the Protected Software” under the control of the“Programmer's Program” 20, and the Licensing Processor 90 under thecontrol of the Licensing Program 85, generates passwords for one or moreProgrammer's Programs and may also transact financial other transactionswith the User. The Authorization Channel 80 will often consist of a2-way telecommunications channel such as a telephone line, andparticipates in the transmission of IDs, Passwords and other informationbetween the User's Processor and the Licensing Processor.

[0032] When a Valid Password is Already Present.

[0033] We first describe the processes which occur when a User executesthe Protected Software in the presence of a previously-installed validpassword. When the Programmer's Program 20 is loaded and executed on theUser's Processor, one of its component processes is to “Generate aPassword-able ID” 25 based in part upon the adequately-uniquecharacteristics of an ID-Target. The ID-Target 30 is the entity to whichaccess to the Software's advanced features is linked. In the figure, itis supposed that the ID-Target is the User's voice, but in otherembodiments it might be the serial number or other distinct features ofthe User's processor. (Prior art methods by which ID-targets such asvoices might be characterized for the production of Target-IDs will bediscussed below.) Once a Passwordable ID is generated, the Programmer'sProgram looks in an information storage location for a “PreviouslyInstalled Password 40. In a computer, the information storage locationwould typically be a file on a hard disk drive, but in principle thePassword could be installed in any location accessible by theProgrammer's Program, including the memory of the User interacting withhis or her Processor. The Programmer's Program then conducts a Check 45to determines whether the Previously Installed Password (if any) is thecorrect match for the specific Password-able ID which has beengenerated. If the password is valid the Programmer's Program Unlocks theAdvanced Features of the Software, and gives the User full and unimpededaccess to the program's advanced features (End State 50).

[0034] No Valid Password

[0035] If Check 45 does not find a Valid Password, the Programmer'sProgram gives the User the information he or she needs in order todecide whether to a password for the Software's still-locked AdvancedFeatures. Given this Offer 55, it is up to the User to decide whether ornot to Obtain a Valid Password (60) and communicate that decision to theProgrammer's program. If the User decides not to obtain a validpassword, the program simply leaves the advanced features Locked (EndState 70).

[0036] User Decides to Obtain a Valid Password

[0037] However, if the User's Decision 60 is to obtain a valid password,an Authorization channel 80 must be activated which establishescommunication between the User (or his processor) and the Licensingsystem which is comprised of Licensing Processor 85 executing LicensingSoftware 90. The function of the Authorization Channel 80 is to send thePasswordable ID, and typically other payment information as well, fromthe Programmer's Program to the Licensing system and then to transmit avalid Password from the Licensing System to the Programmer's Program.The functions of the Licensing system is typically to receive paymentinformation from the User, arrange for the transfer of funds from theUser to the Programmer, and generate and transmit the specific passwordrequired by the Passwordable ID. Upon receipt of the password theProgrammer's program unlocks the advanced features of the program justas in Step 50, and also installs the Password in storage location 40 sothat on subsequent executions of the Programmer's program the flow ofcontrol will terminate at End State 120, (identical to end state 50)with Advanced Features Unlocked.

[0038] Punchline

[0039] Note that if a copy of the now-Unlocked software is copied toanother ID-target it will automatically relock, provided either that thenew target-ID is different from the old target-ID, and/or that thePassword for the original ID-target was installed in such a way that itcould not be transferred to the new ID-target.

DETAILED EXPLICATION OF THE INVENTION

[0040] The Laissez Faire Distribution Channel

[0041] The present invention differs from earlier inventions inseparating the distribution channel by which software is acquired anddistributed from the authorization channel by which licensing istransacted. One advantage of this innovation is that it allows Users andsoftware distributors to support rather than impede the flow ofinformation through the Laissez Faire Distribution channel whichdevelops relatively spontaneously and at little cost to participantswhen freely-copyable software is present. Another advantage is thatrelatively little information needs to flow through the proprietaryauthorization channel. The present invention may well expand the LaissezFaire Distribution channel by making it economically viable for Softwarepublishers to distribute software through the mail, as give-away itemstucked into the volumes of third-party books, or as donations to publiclibraries, and so on. Note however, that while the Laissez FaireDistribution Channel may thus support and be supported by the presentinvention, it is not a necessary part of the present invention. Thepresent invention could also support the distribution, by mail and othermeans, of non-copyable software (e.g., on CDROMs), provided only thataccess to advanced features can be locked in the absence of a validpassword on the User's System.

[0042] The User's System

[0043] The nature of the User's Processor and the Programmer's Programwill depend on the nature of the Protected Software being processed. Theprocessor for a protected computer program or a protected text file istypically a traditional computer; the processor for a protectedaudio-tape is a tape player, and so on. In essence then the User'sprocessor is a device which processes the protected software undercontrol of the Programmer's Program. Several observations are pertinent.First as multi-media processors are developed they will be able to dealwith more and more kinds of protected software in an integrated fashion,so the scope of the present invention should be increasingly broad.Second, the Programmer's Program need not necessarily be distributed ordistributable through the Laissez Faire Distribution Channel. It couldtherefore be incorporated into the hardware, firmware, or software ofthe User's Processor. Thus, to the extent that the User's Processor hasbeen made to mediate the methods of the present invention, it isintended that it be covered by this patent.

[0044] Generate Passwordable-ID

[0045] The Passwordable ID is the adequately unique string of symbolsfor which a specific password is required. The oxymoron“adequately-unique” is used because (1) adequate utility may be achievedeven if Passwordable IDs are just variegated enough to significantlyreduce the probability that a password obtained for one ID-target willwork for another ID-target to which the first password might betransferred, and (2) because the need for one-of-a-kind uniqueness canbe further reduced if passwords are installed (in step 100) in such away that they are not transferrable from one ID-target to another.

[0046] The ID must be generated in such a way that two ID-Targets willgenerate different IDs. Also, in order that a plurality ofLicensed-features in a plurality of software programs be independentlylicensable on the same ID-Target, any two Licensed features must be ableto generate different IDs even in conjunction with a single ID-Target.Those familiar with the art will recognize that this can be achieved avariety of ways. In one preferred embodiment, each item of protectedsoftware is assigned an adequately unique P-digit Program ID, and eachlicensed Feature is assigned an F-digit Feature-ID, and each ID-Targetcan be associated with a T-digit Target-ID such as a serial number. Onceassigned (using methods described below) these ID numbers are combinedin a fashion which preserves their uniqueness (e.g., by concatenatingthem to produce a number with N+M+T digits capable encoding 10^^((N+M+T)) values) and then using this combination, an encryption of it,or some other adequately-unique transform of it, as the ID.

[0047] In addition, to ensure error-checking when the Passwordable ID istransmitted to the central computer (80), it is desirable that aPasswordable ID satisfy some kind of coherence constraint such that themis-report of a single digit can be detected. One coherence constraintwould be to append two more digits to the ID which would constitute achecksum for the preceding digits. Thus an error would be detected whenthe checksum and the preceding digits were inconsistent.

[0048] Other information could usefully be encrypted into the ID aswell. For example, to facilitate compensation of the software creatorand to ensure that the correct price is being assessed for a givenPassword (Step 95), the ID could also encrypt the price of the softwareand the name of the party who should receive royalties, and so on.

[0049] Thus the invention requires only that an adequately unique ID begenerated; it does not require that the ID be generated any particularway, and our invention should not be considered to be dependent on anyparticular method. As illustrated in the next paragraphs, a variety ofmethods-can be adopted by individual programmers to suit the needs oftheir application.

[0050] Method of Assigning Feature-IDs and Program IDs

[0051] To the extent that a sufficiently large number of digits havebeen allocated Feature and Program IDs, the programmer can safely use arandomly-seeded number generator to select values for these IDs, sincethe probability that two programmers would fall upon the same numbers isadequately small. Alternatively, unpredictable Feature-IDs can beassigned by a central computer maintained by operator the LicensingSystem, which computer maintains a database of previously assigned IDs.

[0052] Method of Assigning Target-IDs

[0053] The method of assigning target-IDs will depend upon the nature ofthe ID-Target device, the requirements of the Programmer's program, andthe intended distribution. It should be noted that target-IDs need notbe genuinely unique for the present invention to be of substantialutility: it is sufficient that they be rare enough to substantiallyreduce the probability that the ID assigned to one ID-Target will notalso be assigned to one of the ID-Targets to which the software might becopied. Furthermore, to the extent that adequately rare Target-IDscannot be assigned, the objectives of the invention can still beachieved by rendering the installed password non-copyable usingconventional copy-protection techniques. Thus, the purpose of the nextparagraph is to demonstrate that adequately unique IDs can be generatedin a variety of existing and anticipatable situations usingcurrently-available technology.

[0054] Those with ordinary skill in the art will recognize that manyID-Target devices possess unique identifiers which can be accessed bythe Programmer's Program and used as the basis for target-IDs. Forexample, many computers, printers, hard disks, and CD-ROM disks havesoftware-accessible serial numbers. Of those devices which do not haveserial numbers, many have software-assessable characteristics (such asthe number and kind of peripherals, central processing unit chips, theinterleave factor and timing characteristics of the hard drive, etc.)which can be used to generate a target-ID which is sufficiently uniqueto satisfy the needs of the situation. In addition, a variety ofcomputer devices have been invented for retrofitting a computer with aunique serial number, and these too could be used to generate target-IDson computers which were so-equipped.

[0055] Other kinds of ID-targets, such as the voice of the User can becharacterized using existing pattern-recognition technologies togenerate a user-specific target-ID which is “fuzzy enough” to recognizethe user under varying conditions, but specific enough to reject otherUsers.

[0056] In this paragraph we disclose a software-based method we havedeveloped to retrofit Target-IDs with writeable non-volatile storagedevices (such as computer hard drives or programmable read-only-memory(PROM) chips. By this method, a nearly unique “tattoo” is generated andwritten to the storage device. The near-uniqueness of the “tattoo” canbe achieved by using a random number generator initialized or “seeded”in a fashion which will vary from one ID-Target to the next (thisfacility is typically incorporated into a “randomize” command in manyprogramming languages). Alternatively or equivalently, a nearly-uniqueID can be based upon a high-resolution time-stamp generated using theprocessor's system clock, or by a variety of other means. To the extentthat this “tattoo” is the only source of the Target-ID's uniqueness itis desirable that it not be copyable from one ID-target to another. Thiscan be achieved by hiding the tattoo from the User, copy-protecting it,etc., using techniques known to those with ordinary skill in the priorart.

[0057] Once the Feature-, Program- and Target-IDs are assigned, thePasswordable ID which synthesizes them can be generated using methodslike those described above.

[0058] Check for Valid Password (step 45),

[0059] Generate Valid Password. (step 93)

[0060] Because the method of determining the validity of the password(step 45) depends upon the method by which passwords are generated (step93) in the Licensing Processor (90), these two processes will bedescribed together.

[0061] The User's Processor under control of the Programmer's Programchecks for a valid password by accessing the password storage locationof step 100, and determining the validity of any candidate passwordsfound in that location. One password generating method uses the ID, orsome transform of it, as the seed to a deterministic number generatorand uses the random number generator to generate a deterministic butunpredictable Password. In that case, the method by which theProgrammer's Program determines the validity of the password is: use thesame method to generate the Password in the User's processor, comparethe password generated to the candidate password, deem the candidatepassword valid if it is identical to the generated password.

[0062] An acceptable but undesirable feature of the method justdescribed is that the password-generating algorithm must be secretedinside the Programmer's program where it might be discovered by hackersseeking to breach the system. This shortcoming could be eliminated ifthe Programmer's Program were capable of validating, but not generating,a valid password. One way this could be accomplished is to ensure thatthe licensing system is substantially more powerful than the User'ssystem. In this case, one could exploit the fact that primefactorizations of large numbers are easier to confirm than to generateby adopting the convention that the password generated by the licensingsystem would be the prime factorization of an N-digit number producedusing the ID as randomization key, where N is chosen to be within thefactorization capabilities of the licensing computer but not the Usersor hacker's computer. Under this password-generation method, thepassword-validation method (which would be within the capability of theUser's computer) is to generate the N-digit number and confirm that itis indeed the product of the factorization contained in the password.

[0063] Another way which could ensure that the programmer's programcould validate but not generate a Password is to exploit the fact that,given a sequence of pseudo random numbers, and given a candidate-seed,it is easy to confirm that the sequence is generatable from thecandidate-seed, but it is difficult to generate the seed from the pseudorandom number sequence alone, unless one also has a detailedunderstanding of the random-number generation algorithm and an algorithmfor reversing its operation. This fact could be exploited for thepresent invention by putting the random-number generating algorithm inthe Licensing program, while secreting the reverse-operation algorithmin the Licensing Program only. Then the Password for a givenPasswordable-ID could be the random number seed capable of generatingthat Passwordable-ID. Thus, the Licensing System would have thewherewithal to generate that Seed while the User System would only havethe ability to confirm it. To prevent hackers who had isolated therandom number algorithm in the Programmer's Program from using aniterative trial and error process to discover the Seed capable ofgenerating the Password-able ID, one could ensure that the random-numbergeneration algorithm requires so much computational power that, while itwould be fast enough to generate a particular sequence when providedwith a seed, it would be too awkward to be used to test all possibleseeds to find one which generates the particular sequence. [There arecitable patents and texts which explain random number-generationmethods]

[0064] Other methods to increase the security of the password validationmethod can be envisioned, and are intended to fall within the scope ofthe present invention.

[0065] Unlock Advanced Features

[0066] The result of the Password Validation method 45 must be madeavailable to the Programmer's Program. This can be achieved by providingthe programmer with a function such as PasswordIsGood(ID,Password) whichreturns a value of true if the Password is valid, and false if not.Conventional programming techniques can then be used to unlock anAdvanced Feature if the function returns true. For example,

[0067] If PasswordIsGood(ID,Password)

[0068] then Enable_Advanced_Feature.

[0069] Offer Password

[0070] If PasswordIsGood returns false, this can similarly be used totrigger routines which provide the User with instructions about how toobtain a valid password, and invite the user to do so. The nature ofthese instructions depends upon the Authorization Channel used in step80, but minimally they must provide the User with the informationrequired to make an informed decision about whether or not to acquire apassword. This might include information about the benefits of theAdvanced Feature and the costs of obtaining a password for that advancedfeature.

[0071] User Decision: Obtain Valid Password?

[0072] It is thus the User's decision (step 60) whether to acquire aPassword or not. If the User decides not to acquire a password, theAdvanced Feature in question remains locked.

[0073] Enable the User to Obtain a Password if Desired.

[0074] If the User elects to purchase a password to unlock an advancedfeature he or she can be given appropriate instructions, based upon theAuthorization procedure 63 and Authorization Channel 80 adopted by theprogrammer.

[0075] Minimally, the ID must be transmitted to the central computer. Inaddition, the software vendor may want to receive payment, and personalregistration information such as name, address telephone number,computer system, etc. All of this can be accomplished easily usingreadily available technology, with or without human assistance.

[0076] For example, the Licensing software could inform the User of theFeature ID for which a password is needed, and instruct the User to calla particular telephone number and submit the ID via voice, touch-tonekeypad, etc . . . Payment for the password can be transacted by using a900 (toll call) telephone number, or by instructing the user to submit acredit card number, etc. Credit cards can be confirmed while the User ison the line, and during this time registration information can also beobtained over the phone, if desired. When the ID is received by theLicensing Computer, it is checked for internal consistency based uponthe methods of Step 25 to assure that there have been no communicationerrors during transmission of information from Licensing-processor tocentral computer. When consistency has been confirmed, and payment (ifany) transacted, voice-technology is used to give the User the password,to invite the User to repeat the password (for purposes of checking),and to correct the User if there has been any miscommunication of thepassword. Then Instruct the User to submit the password to the LicensingSoftware and to hang up the phone. And finally, arrange for theProgrammer to receive appropriate compensation; e.g., by transferringthe payment received from the User, minus a commission, to an accountdedicated to the programmer.

[0077] Alternatively, if the User's Processor can be put in directcommunication with the Licensing Processor, (e.g., if the LicensingProcessor is equipped with a modem), all of the User's decision,registration and payment information can be obtained off-line by theProgrammer's Program and then the two Processors could computer couldcommunicate rapidly and automatically with out any User involvement. Inthis case, the User need not be informed about the nature of the ID orPassword.

[0078] Alternatively, albeit much more slowly, communication with thecentral computer could be conducted via paper mail with humanintervention. And so on. It will thus be understood that these areexamples of preferred embodiments, and that other variations,improvements, etc. are intended to fall within the scope of the presentinvention.

[0079] Transact Authorization

[0080] All of the transaction-authorization functions of the Licensing,Processor, under control of the Licensing Program, can be implementedusing commercially, available voice-processing and computer technology.Some or all of these functions could also be accomplished with humanintervention, e.g. by a telephone operator associated with the LicensingProcessor. Thus, it is the procedures described here which are theessential features of the present invention, not the specificimplementation.

[0081] Minimally the Licensing Processor (with or without humanassistance) must receive the transmitted ID, generate the appropriatepassword using methods complementary to those of the ValidationProcedure 45 as discussed previously, and transmit that password backover the authorization channel.

[0082] Additionally, the Licensing Processor may be programmed to chargethe User for the Password in a manner consistent with the Password Offerof Step 55, and credit the Programmer appropriately. If theAuthorization Channel 80 is a 900 telephone number, debiting of the Useris automatic; crediting the Programmer would be accomplished by updatinga database of payments due, triggering a transfer of funds bycommunicating with a banking computer, etc. Alternatively, the LicensingProcessor can be programmed to obtain and confirm the validity of acredit card or purchase order number before providing the password, andso on.

[0083] Finally, the Licensing Processor may be programmed to obtainregistration information such as the User's name, address, telephonenumber, make and model of processor, etc. This information may be ofsuch value to the purveyor of the protected software (e.g., for purposesof advertising or follow-up sales) that it may be economically viable toaccept registration information in lieu of monetary payment. Thisinformation would then be stored in a conventional database to which theSoftware purveyor would have access.

[0084] Install the Valid Password.

[0085] Once received from the Licensing processor, the valid passwordmust be installed in a non-volatile storage area such as a file on ahard disk so that on subsequent occasions when the licensing software isrun on the licensing processor, the correct password will be found andthe relevant advanced feature will be unlocked (step 50).

[0086] To the extent that the Target IDs assigned in step 25 are notone-of-a-kind on each ID-Target, it is desirable that the installedpasswords be laid down in a fashion which renders them tamperproof andnon-copyable, using copy-protection technology of the prior art. Thatway, a new password will be required on a new ID-target, even if theUser uses a mass-copy operation to transfer all (copyable) filesassociated with the program to the new ID- Target, and even if thePasswordable ID in the context of the new Target-ID is identical to thatof the old ID-Target.

[0087] Unlock Advanced Features

[0088] Additionally, upon receipt of the valid password it will beconvenient to unlock the Advanced Features of the program as in Step 50.

[0089] Exemplary Embodiments

[0090] In order to partially indicate the scope of the presentinvention, two embodiments and applications consistent with theforegoing will now be described.

[0091] The author's previous computer program, TAU, could be improved byadopting the present invention. The computer program would befreely-copyable and incorporate both the Protected Software and theProgrammer's Program. The Target-IDs would be distinguishing features ofthe User's Processor (e.g. a serial number in the CPU) and two AdvancedFeatures would be the ability to produce high quality printouts and theability to save modified data to disk. According to the methods of step25, the two Advanced Features would generate two Passwordable IDs whichare adequately specific to the User's Processor. The Programmer mightfind it convenient to adopt the convention of storing passwords forthese IDs on the Hard Drive of the User's Processor in files whose namesare identical to the IDs. If valid Passwords are determined to be absentduring Check 45, then whenever the User attempts to use the LockedFeatures, she would be invited to telephone the site of the LicensingComputer, and to give a human operator there the specific IDs requiredas well as a credit card number. If the User's Decision 60 is to obtaina password for high quality printouts, she telephones the humanoperator, provides the Passwordable-ID for that advanced feature as wellas credit card authorization information and receives in return thePassword for that ID. A utility incorporated into the computer programwould allow the User to type in any passwords obtained, then installpasswords, and unlock the appropriate advanced feature.

[0092] In another application and embodiment, it may be supposed thatthe Protected Software is encrypted in a freely-copyable text filecontaining information which is intended to be displayed on a computerscreen only in the presence of a particular authorized individual who isidentified on the basis of his vocal characteristics. In this case, theID-Target would be the User's voice, the Protected Software would be thetext file, and the User's Processor would include appropriate voicerecognition hardware and software (the latter software including theProgrammer's Program). So that a tape-recording of the User's voicecould not be used to thwart the present scheme, the feature ID would becomputed as follows: Each time it is desired to assess thecharacteristics of the User's voice, present a short random sequence ofletters and ask the User to read them aloud. Using prior-art voicerecognition technology (e.g., that which is already being marketed byvendors such as Dialogic Inc.) to confirm the sequence of letters spokenand generate a Target-ID which numerically encodes parameters whichdistinguish human voices. The password for this Target ID would be asequence of letters to be memorized by the User. If the sequence is thecorrect one, the appropriate Advanced Features of the encrypted text aredecrypted by the Programmer's Program; if the User does not present anappropriate Password, he is invited to obtain one as in the previousexample. Thus in this example, the User's own memory would be thestorage location for the Password.

[0093] Description of One Possible Software-tool Implementation.

[0094] One object of the present invention is to allow programmers toconveniently invoke the just-described methods by adding a relativelysmall number of lines of code to their own programs. This can beachieved by supplying programmers with a few simple commands whichinvoke more complex operations implemented in pre-compiled objectmodules or units. An exemplary implementation in the Pascal language isnow described with the understanding that other languages andapplications will require different implementations, and thatprogrammers may well want to augment or replace one or more of theseroutines with variants of their own, while remaining within the scope ofthe invention.

[0095] Function GetTargetID:longint; (step 30)

[0096] This is a function required for step 25, returning a number whichis adequately specific to the ID-Target 30. Variant functions might beprovided which are more or less specific in order to suit the needs ofthe programmer, and in order to adjust the sensitivity the Target-ID tosmall changes in the characteristics of the ID-Target (for example, ifthe Target-ID is a User's voice, it might be desirable for the ID-Targetto remain constant when the User's voice is hoarse or stressed).

[0097] Function MakeID(GetTargetID, FeatureID,

[0098] ProgrammerID):Longint;

[0099] This function implements step 25. It generates the PasswordableID based upon the Target-ID (obtained from GetTargetID or by other meansof the programmer's devising), upon a FeatureID (assigned by theprogrammer), and upon (in one preferred implementation) a ProgrammerIDwhich encrypts the identity of the Programmer who should receiveroyalties for purchased passwords.

[0100] Function GetInstalledPassword:longint;

[0101] This function looks in a predetermined storage location 40 (e.g.in a file with a particular name, or a name based upon the ID itself)for a candidate password. If no Password is found, GetInstalledPasswordgets a default value such as 0. If a Password is found,GetInstalledPassword returns the value of that Password.

[0102] Function PasswordIsGood

[0103] (GetID, GetInstalledPassword):boolean;

[0104] This function implements step 45. If the InstalledPassword isvalid for the ID in question, GetPasswordValidity returns True;otherwise it returns false. The Programmer's Program can use this valueto decide whether the advanced feature(s) should be unlocked or whetherto User should be invited to obtain a valid password.

[0105] Function GetNewPassword:longint;

[0106] This routine demonstrates a way in which a programmer couldinvoke steps 55, 60, 93, 95 through the use of a single function. Onepossible implementation of the routine, pseudo-code, follows.

[0107] Function GetNewPassword(GetID):Longint;

[0108] begin

[0109] writeln (‘Because the current password, is not valid you will notbe able save your document to disk.

[0110] A call to the licensing-computer's 900 number will cost you only$1.00, and take only 30 seconds, and your password will remain valid aslong as you keep this computer.

[0111] Shall I use the modem on your computer to get you a password tounlock this advanced feature? ’)

[0112] if UserSaysYes then

[0113] Get_Modem_To_Get_Password_For_This (ID)

[0114] else

[0115] GetNewPassword:=0;

[0116] end;

[0117] Procedure InstallNewPassword(NewPassword):

[0118] This procedure implements step 100. By installing the password inthe storage location which is searched by function GetlnstalledPassword.To the extent that the Target-ID obtained in step 25 was not adequatelyunique, it may be desirable to use existing technology to Install thepassword in a hidden and copy-proof fashion. That way, even if multiplemachines require the same password, the password will have to beobtained on each such machine.

EXAMPLE OF PROGRAMMER'S PROGRAM

[0119] Given the above, the Programmer can “program in” thecomputational and commercial operations embodied in the presentinvention by using a boolean array called AdvancedFeatureIsLocked todetermine whether the AdvancedFeature is to be executed or not each timethe User tries to invoke that AdvancedFeature.

[0120] An example would be

[0121] if AdvancedFeatureisLocked[FeatureID]

[0122] then OfferPassword

[0123] else ExecuteAdvancedFeature(FeatureID)

[0124] Given the above, the Programmer need only execute the followinglines at the beginning of the program or any time it is desired to givethe User an opportunity to purchase a password.

[0125] If PasswordIsGood (MakeID(GetTargetId, FeatureID, ProgramID),GetlnstalledPassword)

[0126] then AdvancedFeatureUnLocked[FeatureID]:=False;

[0127] else begin

[0128] NewPassword:=GetNewPassword;

[0129] if NewPassword<>0 then begin

[0130] InstallNewPassword (NewPassword):

[0131] AdvancedFeatureIsLocked[FeatureId]:=False;

[0132] end:

[0133] end; {Password was not Good when first checked}

[0134] Extensions and Enhancements

[0135] The invention could be enhanced in a variety of ways which wouldmake it even more convenient for User and Programmer. The followingdisclosures are offered as exemplary embodiments and extensions of theforegoing teachings, and should not be construed to limit the scope ofthe present inventions.

[0136] Increasing Utility

[0137] Those with knowledge of the prior art and the teachings of thispatent will recognize that “package” Passwords could be offered whichwould unlock “suites” of advanced features at reduced cost orinconvenience to the User. When the protected software is part of theProgrammer's Program this could be easily implemented by the Programmerusing new boolean variables (such as “Suite3IsUnlocked”); when theprotected software is non-executable text, this could be easilyimplemented by encrypting a suite of narrow-scope passwords in a blockof text which can only be decrypted using a higher-scope Suite-Password;and so on.

[0138] Increasing Security

[0139] The invention as described provides a substantial deterrent tothe casual piracy of protected software, but its utility does notrequire that it be immune to the concerted efforts of skilled hackers.Numerous “hacker-proofing” improvements can be imagined such as basingthe uniqueness of the created “tattoo” upon the User's reaction time inresponse to some prompt rather than upon the system clock on theassumption that the former might be more controllable throughtechnological means.

[0140] Protecting Non-executable Data

[0141] As noted above, the Programmer's Program and the ProtectedSoftware need not be identical, and neither need to be freely copyablein order to fall within the scope of the present invention. Nor must theProtected Software be executable code. In one embodiment, for example,both the Programmer's Program and the Protected Software could bedistributed on non-copyable CDROMs, and the Programmer's Program couldserve decrypt data stored in separate files on the CD-ROM. In thissituation, and in other situations in which the Advanced Features inquestion are encrypted data, the function of the Programmer's Program isto provide access to the encrypted data if and only if a password ispresent which is specific to the adequately-unique ID of the User'sID-Target (e.g., the CD-ROM disk, or the CD-ROM player). One way thatthis could be accomplished would be for the Programmer's program tocontain the key needed to decrypt the encrypted data and to invoke thatkey only in the presence of an appropriate password. However, in orderto make it more difficult for crackers to decrypt the encrypted data inthe absence of a valid password, it would be preferable if theProgrammer's Program simply lacked the information the cracker requires.Several ways in which this could be achieved is disclosed in the nextparagraphs, which can be considered an expanded explanation of theprocesses required to Generate Passwords and Unlock Advanced Features.

[0142] Encrypt each Advanced Feature (e.g., a block of text) using aprior-art keystream encryption technique based upon a pseudo-randomkeystream generated by a pseudo-random number generator initialized withan arbitrary Encrypting seed. In this technique, successivepseudo-random numbers are used to transform in a reversible fashion thesuccessive characters of a text-to-be-encrypted (e.g. by applying theXOR operation). Decryption involves the regeneration and application ofthe same pseudo-random number to the encrypted data, and thereforerequires that the Encrypting Seed be located in the Programmer's Programor in the Encrypted text, where it might be discoverable by hackers.

[0143] However, using the following technique, the Encrypting/DecryptingSeed only needs to exist transiently in the User's System. Asillustrated in FIG. 2, the preliminary step 210 is to Encrypt each blockof text to be treated as a single Advanced Feature with a differentEncrypting Seed S, and assign a Feature ID to that text. A tableassociating each Encrypting Seed with its corresponding Feature ID isprovided to the Licensing System, but is not provided to the User'sSystem. When the User decides to obtain a Password, the Licensingcomputer is provided with the Passwordable-ID and the Feature ID as instep 220. With this information the Licensing System can execute step230, using the Feature ID to access the Encryption Seed S for theFeature in question, and encrypting S using the Passwordable ID as anencrypting seed for a new pseudo-random keystream. The now-encrypted Sis then treated as a Password to be transmitted to, and installed on theUser's system. Once is possesses this password, the User's system canexecute step 240: using its own Passwordable ID, it decrypts S, uses Sto decrypt the text, and then discards S. In this way, the decrypted Sis only transiently present in the User's system, and is only accessiblein the User's system with the appropriate ID.

[0144] A variation of tile above scheme is more secure, but is onlyapplicable when relatively large amounts of data can be transmitted tothe User's system (e.g. through a digital data link connecting theLicensing System to the User's system. In this variation, the text towhich the User seeks access is itself treated as the Password to betransmitted and stored on the User's System. Prior to transmittal, theLicensing system encrypts the text using the User System's PasswordableID as the encryption seed. The User's system will be able to use its ownID to translate the “password” into the desired text, but other systemswith different IDs will not.

[0145] In the previous sections, it was assumed that the reader wouldview the protectable non-executable data (called “text” for convenienceonly) using the Programmer's Program. However, it would be desirable ifsuch data were accessible, in the presence of a valid password, tothird-party programs which had not been designed with the presentinvention in mind. This can be achieved by combining the presentinvention with prior art of the sort used in commercial software for“on-the-fly” file compression, such as SuperStor, and Stacker. Ascurrently .implemented, these “terminate and stay-resident” programsinterpose themselves between a computer's Disk-Operating System (DOS)and third-party application programs which obtain data from the DOS. Thecurrent function of these programs is to increase the storage capacityof rewritable storage media by transparently compressing the applicationprogram's disk output before passing the data on to the DOS, and todecompress data obtained from the DOS before passing it on to theapplication program. By incorporating the present teachings into thisprior art technology, new software could be developed which, in thepresence of the appropriate passwords, would decrypt data which hadpreviously been encrypted on the storage medium, and then pass thenormal-seeming decrypted data to third party application programs.

[0146] Network Environments

[0147] Another desirable feature of the present invention is itsapplicability to network environments. That is, in situations wheremultiple workstations access files which are stored in a shared filedirectory, it might be advantageous if a single copy of the ProtectedSoftware as well as all Passwords could be located in a central locationwhile passwording was specific to each workstation. This could beaccomplished simply by using the workstation as the ID-target, and bystoring passwords in workstation-specific locations, e.g., in fileswhose names are based upon the Passwordable ID. For other programs, itmight be desirable if all workstations in a given network were coveredby the same server-specific license. This could be achieved simply byusing the network server as the ID-target. Other variations of this sortcan easily be envisioned and adapted to the needs of the programmer.

[0148] Hardware Changes.

[0149] A potential problem with the present scheme could arise whichusers change the characteristics of their ID target. This might have tobe dealt with on a case by case basis, but in standard cases, for whichstandard GetID functions might be provided, there is a solution which ishere disclosed. That is, invite users to call a customer serviceoperator for free replacement passwords if minor changes in theirID-Targets have led to changes in Target-IDs, and provide the freepassword provided that the User's description of the change can beconfirmed using the technique of the next paragraph.

[0150] In a non-volatile storage location of the User's Processor suchas the User's hard drive, store a “profile” which records an encryptedlist of the N characteristics of the ID-target on which the Target-ID isbased. Create or update this file whenever a valid password isencountered. Whenever an invalid password is encountered compare thevalues stored within the profile to the values of the Target-ID whichhas just been computed. In the latter case, construct an N bit word,giving each bit a value (1 or 0) which indicates whether or not the Nthcharacteristic of the profile differs from the Nth characteristicresponsible for the Target ID. This N bit word, transformed or encryptedas desired, can then be communicated to the Licensing System's CustomerService operator who determine which characteristics changed since thelast time a valid password was installed on the User's Processor. Thisdetermination can then be used check the User's veracity, in order todecide whether to honor the User's request for a replacement password.

[0151] Password Disks

[0152] Some Programmers or Software vendors may not wish to be bound tothe software, hardware, or customer support policies of the LicensingSystem or its managers. It would therefore be desirable to be able toprovide Software vendors a means of generating passwords to their ownproducts, but not the products of other vendors. From the point of viewof the purveyor of services based upon the present invention, it is alsodesirable that the number of passwords a vendor could generate belimited in a way which allows the purveyor to receive compensation inproportion to the number of Passwords the vendor generates. This can beachieved by providing Software vendors with modified versions of thelicensing programs on tamper-proof and copy-protected media. Themodifications would involve constraining the Licensing Program so thatit only generates Passwords for IDs based upon a particular Software IDassigned in advance to the vendor purchaser of the Password Disk. (Thisis easily accomplished using the present teachings when the PasswordableID encrypts the Software ID: then the Licensing Program can be made torefuse Passwordable-IDs which are based upon other Software IDs.) Priorart tamper-proofing and copy-protection technology available from suchvendors as Aztech Inc. of Arizona, can then be used to set the number oftimes the Licensing Program on the Password Disk can be executed. Inthis way Password Disks can be sold to vendors at prices arecommensurate with the numbers of Passwords to be generated, andpurchasers of such Password Disks can then implement their own licensingsystems and customer support policies

[0153] Additional Ramifications

[0154] Although the description above contains many specificities, theseshould not be construed as limiting the scope of the invention but asmerely providing illustrations of some of the presently preferredembodiments of the invention. For example, other embodiments mightinvolve different ID-Targets such as telephone numbers, node addressesin local area or wide area networks, visual appearances, biologicalcharacteristics of tissue samples, etc. In alternative embodiments,Password-generating processors and/or Password-sensitive processorscould include mechanical calculators, optical computers, etc., andLicensed software could include video or multimedia information,non-digital but easily copyable information such as analog audio orvideo recordings, etc. Finally, the scope of the present invention isintended to include all distribution channels to which it can be madeapplicable: for example, under the present scheme computer manufacturerscould load large amounts of commercial software onto their products'hard disks and sell to users on an after-the-fact basis.

[0155] Thus the scope of the invention should be determined by theappended claims and their legal equivalents, rather than by the examplesgiven.

I claim:
 1. A method of promoting the purchase of a fully functionalproduct delivered in digital form comprising the steps of: creating afully functional version of said product with a defined limitedfunctionality; assigning a unique product identifier to said product;delivering to at least some new users said fully functional productconfigured to operate in a limited functionality mode; and arrangingsaid product such that at least some of said new users are offered theoption of procuring an authorization for a fully functioning product;wherein said authorization procurement includes the steps of: (a)generating an operating context identifier associated with at least onemeasurable factor of the operating context of said user; (b)transmitting a request comprising the unique product identifier and theoperating context identifier to a licensing system acting on behalf ofone or more licensors; (c) receiving an encoded message from saidlicensing system to authorize the product to operate in the fullyfunctional mode for the operating context; and (d) permitting theproduct to operate in the fully functional mode as long as said at leastone measurable factor remains within acceptable limits; whereby saidproduct returns to said limited functionality mode when a user attemptsto operate the product in a different operating context.
 2. The methodof claim 1 in which said operating context depends on at least onereliably measurable characteristic of the user or the user's system. 3.The method of claim 2 in which said at least one reliably measurablecharacteristic is selected from the set of: machine-readableuser-identifier, serial number of user processor or product,distinguishing features of the user's processor, user's voice pattern,spoken or typed password, processor time-stamp, nearly unique tattoo,telephone number, network address, user's visual appearance, andbiological tissue samples.
 4. The method of claim 1 in which said uniqueproduct identifier is associated with at least one predefined licensorof said product.
 5. The method of claim 1 in which said licensing systemuses said product identifier to credit a corresponding licensoraccording to the number of authorizations for said product identifier.6. The method of claim 1 in which said licensing system uses saidoperating context identifier to modify information in a correspondinguser account record.
 7. The method of claim 1 in which said licensingsystem uses said operating context identifier to debit an accountassociated with said operating context identifier, and said licensingsystem uses said product identifier to credit a corresponding licensor'saccount according to the number of authorizations for said productidentifier.
 8. A method for limiting access to selected features of amultimedia file, comprising the steps of: disabling selected features ofsaid multimedia file; distributing said multimedia file with at leastsome enabled features; offering to enable one or more specific disabledfeatures when a user attempts to use at least one of said specificdisabled features; receiving a request from a user or user's system,said request identifying an operating context and identifying said oneor more disabled features; and transmitting an authorization to saiduser or user's system to enable said one or more disabled features,where said authorization is uniquely associated with said operatingcontext; whereby said selected features remain enabled only for saidoperating context.
 9. The method of claim 8 further comprising the stepof: identifying an operating context and a licensor from information insaid request and arranging to send an authorization according to anagreement between said user and said licensor.
 10. The method of claim 8further comprising the steps of: providing a user environment in whichpre-defined actions by said user are interpreted as a request for accessto at least some of said disabled features; creating an identifier forsaid operating context, wherein said identifier is created according toat least one measurable factor of said user's user environment; andusing said operating context identifier to associate said authorizationwith said user's operating context; whereby said authorization will notenable said disabled features when said at least one measurable factorhas changed beyond a pre-configured limit.
 11. The method of claim 8 inwhich said at least one measurable factor is selected from the set of:machine-readable user identifier serial number of user processor orproduct, machine-readable features of the user's system, user's voicepattern, spoken or typed password, processor time-stamp, nearly uniquetattoo, telephone number, network address, user's visual appearance, andbiological tissue samples
 12. The method of claim 8 further comprisingthe steps of: ensuring that an authorization received for one or moreselected features for said unique user cannot be used for access byanother user or on another system; and permitting use of said at leastsome enabled features in a different operating context; whereby userscan obtain authorization to test or demonstrate said selected featureson one system and provide additional copies of the multimedia file toothers who must then request their own authorizations.
 13. A method forlimiting access to selected features of a data object, comprising thesteps of: compressing or encrypting portions of said data object;distributing said data object with at least some operable features;offering to decompress or decrypt one or more portions of said dataobject when a user of one of said operable features attempts to usefeatures of at least one of said compressed or encrypted portions;receiving a request from a user or user's system, said requestidentifying an operating context and said one or more compressed orencrypted portions; transmitting an authorization to said user or user'ssystem to decompress or decrypt at least one compressed or encryptedportion, where said authorization is uniquely associated with saidunique user; whereby said selected portion is decompressed or decryptedonly for said identified operating context.
 14. The method of claim 13further comprising the steps of: providing a user environment in whichpre-defined actions by said user are interpreted as a request for accessto at least some of said compressed or encrypted features; creating aunique identifier for identifying said operating context according to atleast one measurable factor of said user's user environment; and usingsaid unique identifier to associate said authorization with said user'suser environment; whereby said authorization will not enabledecompression or decryption of said compressed or encrypted portion whensaid at least one measurable factor has changed beyond a pre-configuredlimit.
 15. A method for limiting access to selected data features ofcopyable encoded information accessed by a user on a user's system, andfor restricting access to said selected data features to a particularoperating context, comprising the steps of: locking said selected datafeature, having a feature identifier, with a corresponding key;receiving an unlock request, from the user or user's system, saidrequest having a operating context identifier and a feature identifier;transforming said key using at least said unique operating contextidentifier to form an authorization; transmitting said authorization tosaid user or user's system; reverse transforming said authorizationusing said unique operating context identifier to obtain the keycorresponding to said feature identifier; and using said key totemporarily unlock said selected data feature; whereby saidauthorization can only be used to access the selected data feature inthe presence of said operating context identifier.
 16. The method ofclaim 15 in which said operating context identifier is generatedaccording to a pre-determined combination of values selected from theset of: measurable parameters of a user's system, measurable physicalinformation about the user, and information supplied by the user. 17.The method of claim 15 in which said operating context identifier isgenerated for each unlock request according to the present state of apre-determined combination of values collected by a user's system. 18.The method of claim 15 in which said feature identifier is generatedusing unique identification information about said selected data featurein combination with said operating context identifier.
 19. The method ofclaim 15 in which said transforming step uses encryption.
 20. The methodof claim 15 further comprising the steps of: retrieving an authorizationthat has been previously stored for said selected data feature; reversetransforming said retrieved authorization to obtain a valid key; andunlocking said feature with said valid key; whereby a selected datafeature once unlocked remains unlockable in the presence of saidpreviously stored authorization and said operating context underpre-determined conditions.
 21. The method of claim 15 further comprisingthe steps of: storing at least some of said authorizations received bysaid user or user's system; selecting a candidate authorizationpreviously stored for said selected data feature; validating saidselected candidate authorization with a reverse transform using saidunique operating context identifier; and either unlocking said selecteddata feature, if said selected candidate authorization is successfullyvalidated, or else signaling the user or user's system to obtain a validauthorization.
 22. The method of claim 15 wherein: said transformingstep is based upon a prime factorization of an N-digit number using saidoperating context identifier as a randomization key, where N is chosento be within the factorization capabilities of a licensing computer butbeyond the capabilities of the user or the user 's system, and saidreverse transforming step comprises generating the N-digit number insaid user's system, and confirming that said N-digit number is theproduct of the factorization contained in said authorization.
 23. Themethod of claim 15 in which said transforming step is based upon use ofthe operating context identifier as the seed for a complex pseudo-randomnumber generator, and said reverse transforming step confirms that theauthorization generated in the user's system corresponds to theauthorization received, based upon a transform of the operating contextidentifier and feature identifier.
 24. The method of claim 15 furthercomprising the step of: storing at least some of said authorizationsreceived by said user or user's system; determining whether a validauthorization is stored corresponding to a selected data feature desiredby said user using said operating context identifier; and advertisinginformation to said user regarding purchase of a new authorization forsaid selected data feature when said user's system determines that acorresponding authorization has not been stored or cannot be validatedin the present operating context.
 25. The method of claim 24 in whichsaid advertising information includes information selected from the setof: description of the selected data feature, advantages of the selecteddata feature, cost or other requirements for access to the selected datafeature, source identification for obtaining an authorization,identification of an owner or licensor of rights in the selected datafeature, and method of obtaining a valid authorization for access tosaid selected data feature.
 26. The method of claim 15 furthercomprising the steps of: permitting a user or user's system to operateor access at least some unprotected features of said encodedinformation; assisting said user in selection of a selected data featureby disclosing information to said user regarding data features for whichno valid authorization is present; and connecting said user's system toa licensing processor for transmission of said unlock request and forreception of said authorization.
 27. The method of claim 15 furthercomprising the steps of: said user indicating a desire for a selecteddata feature beyond any features already operable or already unlocked;informing the user that the feature is locked, where said feature islocked unless a valid authorization has been stored for said user-ID andsaid authorization is still valid; offering said user information aboutpossible benefits of obtaining access to said locked feature; offeringto said user to provide said user with access to said feature uponagreement with predetermined conditions; and forming an unlock requestfor a user who indicates agreement with said at least some of saidpredetermined conditions.
 28. The method of claim 15 in which saidselected data feature is selected from the following abilities: todecompress encoded information, to access a text file, to execute asoftware or hardware program, to access a further distribution channel,to decrypt digital data, to enable a high-quality output, to enablestorage of processing results, to access a digitized multimedia file, toenable predetermined hardware or software features of the user's system,and to access an analog playback process for an audio, video ormultimedia recording.
 29. The method of claim 15 in which said selecteddata features are locked by a transform of either encryption orcompression, or both, for which a key is required to reverse eachtransform; and a password or authorization provides access to said key;wherein access to each selected data feature requires a password orauthorization which is adequately unique to prevent different users oruser's systems from sharing passwords.
 30. The method of claim 15 inwhich at least some of said steps of locking, unlocking, transformingand reverse transforming are carried out in firmware in the user'ssystem.
 31. A method for sharing limited access to selected datafeatures of copyable encoded information stored on a server, and forpermitting only uniquely identified workstations to unlock said selecteddata features, comprising the steps of: locking said selected datafeature, having a feature-identifier, with a corresponding key;receiving an unlock request having a unique workstation-identifier and afeature identifier from the workstation; transforming said key using atleast said unique workstation identifier to form an authorization;transmitting said authorization to said workstation; reversetransforming said authorization using said unique workstation identifierto obtain the key corresponding to said feature-identifier; and usingsaid key to unlock said selected data feature; whereby said key can onlybe used to access the selected data feature from a uniqueworkstation-identifier.
 32. The method of claim 31 in whichauthorizations formed for a given workstation are then stored on theserver in workstation-specific locations.
 33. The method of claim 31 inwhich said unique workstation identifiers are constructed such that anyworkstation identified as being on the same network can use the sameauthorization for the selected data feature of the encoded information.34. A method of encouraging the purchase of passwords for access toadvanced features of encoded information comprising the steps of:permitting a user or user's system to operate or access at least someunprotected features of said encoded information; generating apasswordable ID for each advanced feature desired by a user; generatinga target-ID in response to reliably measurable characteristics of theuser or user's system; enabling said user to purchase a password tounlock an advanced feature by forwarding the passwordable ID and otherinformation to a licensing processor; receiving in said licensingprocessor said passwordable ID and other information transmitted fromthe user's system; providing the user or user's system with the passwordrequired for each of the passwordable IDs received; installing passwordsin storage locations accessible to the user or user's system; andunlocking any advanced features whose passwords have been installed. 35.The method of claim 34 wherein said passwordable ID is made adequatelyunique by synthesizing the three component IDs: a target-ID specific tothe user or user's system, a software-ID, and the feature-ID.
 36. Themethod according to claim 34 wherein said synthesis is achieved by usinga uniqueness-preserving combination of at least one of the said threecomponent IDs, using said combination as the seed for a pseudo-randomcharacter generation algorithm, and using the first n charactersso-generated as the n-digit passwordable ID.
 37. The method according toclaim 36 wherein said passwordable ID includes an encryption of at leastone of said three component IDs.
 38. The method according to claim 37wherein said passwordable ID additionally encrypts other usefulinformation about a user, or about any parties who are to receivepayment for the provision of the password.
 39. The method of claim 34further comprising the step of enabling a user to make an informeddecision whether to unlock any locked advanced features; whereby a useris provided with information about the costs and benefits of access toadvanced features.
 40. The method of claim 34 further comprising thestep of arranging for transfer of funds from said user to a softwarelicensor according to said user's target-ID.
 41. A method of generating,and encouraging the purchase of authorizations to use licensed featuresof encoded information, said licensed features including advancedfeatures which are desired by a licensor to be accessible in anoperating context only in the presence of an authorization which unlockssaid licensed features only in that operating context, said methodcomprising the steps of: generating an operating context identifier inresponse to reliably measurable characteristics of the operatingcontext; determining whether valid authorizations are present for anylicensed features, unlocking licensed features whose authorizations arepresent, enabling a user to make an informed decision whether to unlockany locked licensed features, and enabling said user to purchase aauthorization to unlock a licensed feature by transmitting thecorresponding encrypted ID and other information to a licensingprocessor.
 42. The method of claim 41 in which said which said licensedfeature is selected from the following abilities: to decompress encodedinformation, to access a text file, to execute a software or hardwareprogram, to access a further distribution channel, to decrypt encodeddigital information, to enable a high-quality output, to enable storageof processing results, to access or decode a digitized multimedia file,to enable predetermined hardware or software features of the user'saccess device, and to access an analog playback process for an audio,video or multimedia recording.
 43. The method of claim 41 furthercomprising the steps of: receiving said encrypted identifier and otherinformation transmitted from the user's system; providing the user oruser's system with the authorization required for the encryptedidentifier just submitted; and unlocking any licensed features whoseauthorizations have been received by the user's system; wherein theauthorization for a given encrypted ID is a predetermined function ofthe encrypted ID and the validity of a candidate authorization isdetermined in the user's system.
 44. The method of claim 41 whichfurther comprises arranging for transfer of funds from the user to alicensor when enabling said user to purchase an authorization.
 45. Themethod of claim 41 further comprising the steps of: encryptingpredetermined portions of the set of operating context identifiers whichare related to the uniqueness of the operating context to create andstore a first profile; comparing said first profile to a new profilegenerated when a licensed feature has no valid authorization present;and providing an encrypted difference factor of said comparison to alicensing processor to verify that a user correctly describes changes tothe operating context identifiers; whereby permitted changes to theoperating context can be evaluated for issuance of a replacementauthorization for said licensed features without requiring additionallicensing transactions by said user.
 46. The method of claim 41 in whichthe presence of a valid authorization is determined by comparing thecandidate authorization with a result generated by a random charactergenerator using an encrypted operating context identifier as the seed.47. The method of claim 41 in which the user's system does not containthe full algorithm for generating the authorization for a given licensedfeature, and wherein the user's system contains the means of confirmingthe validity of a stored or received authorization given anidentification of a licensed feature.
 48. The method according to claim47 wherein the password is a seed, discovered via algorithms known onlyto the licensor, which can be used, in conjunction with a random numbergenerator incorporated into the user's system, to generate the encryptedidentifier and wherein the presence of a valid authorization isconfirmed when the user's system confirms that the candidateauthorization can be used as a seed to successfully generate theencrypted identifier.